Topic: Cyber Risk Quantification


Overview of Cyber Risk Quantification at HSBC

For every dollar invested in cybersecurity, the question to ask is: what value does it return in terms of reducing cyber risk to your organisation? There is universal concern about cybersecurity, and as a result actual cyber risks may not be well understood. Risk may be overstated through fear and uncertainty, which could lead to investment without a good appreciation of the true outcome(s). Conversely, it could equally be understated, so that risks are accepted without this being recognised.

We understand that cyber investment will continue to be strategic in a digital world. So how do we ensure that there is a robust approach to measuring cyber risk and then allocating our investment funds accordingly? This paper provides an overview of HSBC’s approach:

  • What is Cyber Risk Quantification (CRQ)?
  • How we use CRQ to help us quantify our cyber risk
  • The HSBC approach to managing our cyber portfolio using CRQ
  • CRQ for a broader industry benchmark


Mr. David J. Gee
Head Cyber Security – Asia Pacific


David is Head of Cybersecurity for HSBC Asia Pacific. He has worked on transformation from the CIO position for the last 19 years. Before joining HSBC, David was CIO and SVP at MetLife Japan, responsible for 8 million customers for the insurer’s largest retail market.

David won CIO of the Year 2014 at Credit Union of Australia for successfully completing a large transformation programme that delivered new Core Banking, Online and Mobile Banking systems along with a total infrastructure revamp.

David has a strong fintech background. He has been an advisor to many startups and consulted for VC firms. He has also been a partner-level IT consultant with KPMG, EY and ICG.

David has been a regular writer for numerous IT publications, including CIO Australia, Computerworld, ITNews and CSO (Cyber Security) magazines.

Copyright © 2019 Hong Kong Productivity Council. All Rights Reserved.